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WHAT IS CLAIMED IS: 




A method of establishing a connection between a first computer of a 



first computer network and a resource of a second computer network via a third 
network, along a route through an intermediate system having an interface to the first 
computer network, and through a gateway intervening between the second computer 
network and the third network, the resource belonging to-the-domain of the gateway 



configuring the intermediate system with a tunnel from the intermediate system 
to the gateway; 

mapping the tunnel with a requester and a domain name of the gateway; 

the requester issuing a request for a connection from the first computer to the 

resource by specifying a name of the resource; 

receiving the request at the intermediate system via the interface; 

using a rule for matching the name of the resource with the gateway; 

mapping the name of the resource to the tunnel; 

returning a temporary IP number to the first computer in answer to the request; 
mapping the temporary IP number to the name of the resource; 
the gateway administrating the handling of data packets such that data packets 
addressed by the first computer to the temporary IP number, arriving through 
the tunnel, are routed to the resource; / ^ > ^ 

the gateway administrating the handling of data packets such that data packets 
arriving from the resource destined to the first computer, are routed through the 
tunnel to the first computer via the intermediate system. 

2. v v The method according to claim 1, w here i n the mothocb further 






transmitting a message with the mapping of the temporary IP number to the 
gateway by means of the tunnel. 
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3. The method according to claim 1, wherein the step of the gateway 
administrating the handling of data packets such that data packets addressed by the first 
computer to the temporary IP number, arriving through the tunnel, are routed to the 
resource, comprises the substep of: 

directing the intermediate system to translate source addresses of data packets 
addressed to the temporary IP number to be sent through the tunnel. 

4. The method according to claim 1, wherein the step of the gateway 
administrating the handling of data packets such that data packets addressed by the first 
computer to the temporary IP number, arriving through the tunnel, are routed to the 
resource, comprises the substep of: 

directing the intermediate system to translate destination addresses of data 
packets addressed to the temporary IP number to be sent through the tunnel, by 
means of at least a partial DNS function in the intermediate system. 

5. The method according to claim 1, wherein the step of the gateway 
administrating the handling of data packets such that data packets addressed by the first 
computer to the temporary IP number, arriving through the tunnel, are routed to the 
resource, comprises the substep of: 

the gateway translating source addresses of data packets arriving through the 
tunnel addressed to the temporary IP number and routing these data packets to 
the resource. 

6. The method according to claim 1, wherein the step of the gateway 
administrating the handling of data packets such that data packets addressed by the first 
computer to the temporary IP number, arriving through the tunnel, are routed to the 
resource, comprises the substep of: 
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the gateway translating destination addresses of data packets arriving through 
the tunnel addressed to the temporary IP number and routing these data packets 
to the resource. 



administrating the handling of data packets such that data packets arriving from the 
resource destined to the first computer, are routed through the tunnel to the first 
computer via the intermediate system, comprises the substep of: 

the gateway translating source and destination addresses of data packets 
arriving from the resource destined to the first computer, and routing these data 
packets through the tunnel to the first computer via the intermediate system. 

8. The method according to claim 1, wherein the step of the gateway 
administrating the handling of data packets such that data packets arriving from the 
resource destined to the first computer, are routed through the tunnel to the first 
computer via the intermediate system, comprises the substep of: 

directing the intermediate system to translate source and destination addresses 
of data packets arriving from the resource via the tunnel destined to the first 
computer. 

9. The method according to claim 1, wherein the third network is a 
telecommunications network. 

10. The method according to claim 1, wherein the third network is the 



7. 



The method according to claimr 1 , wherein the step of the gateway 



Internet. 



11. The method according to claim 1, wherein the rule for matching the 

name of the resource with the gateway is based on a mapping. 
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12. The method according to claim 1, wherein the rule for matching the 
name of the resource with the gateway is based on a list of hosts. 

13. The method according to claim 1, wherein the rule for matching the 

name of the resource with the gateway is based q*t a regular ^wildcard expression. 

-A A 

14. The method according to claim 1, wherein the rule for matching the 
name of the resource with the gateway is based on matching a domain name of the 
name of the resource with the domain name of the gateway. 

15. v The method according to claim 1, wlieiein ihc meth od' further 

/ee mpri s eS ' t he step of: 
A. 

authenticating the requester at the first computer for access to the tunnel. 

16. The method according to claim 1, wherein the name of the resource 
corresponds to a second computer within the second computer network, the second 
computer belonging to the domain of the gateway and comprising the resource. 

17. The method according to claim 16, wherein the gateway 
administrating the handling of data packets such that data packets addressed by the first 
computer to the temporary IP number, arriving through the tunnel, are routed to the 
resource residing on the second computer. 

18. The method according to claim 16, wherein the gateway 
administrating the handling of data packets such that data packets addressed by the first 
computer to the temporary IP number, arriving through the tunnel, are routed to the 
resource, the resource residing on a proxy of the second computer. 
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19. The method according to claim 18, wherein the proxy to which the 

gateway routes data packets addressed by the first computer to the temporary IP 
number, is in dependence on an identity of the requester. 



5 ^v. A device arranged to establish a connection between a first computer 

of a first computer network and a resource of a second computer network via a third 
network, along a route through the device having an interface to the first computer 
network, and through a gateway intervening between the second computer network and 
the third network, the resource belonging to -tb^ciomain of the gateway* wherein the 
10 device ^ompn s c a:— * 

means arranged to configure a tunnel from the device to the gateway, 

means arranged to map the tunnel with a requester and a domain name of the 

gateway, 

means arranged to receive a request, issued by the requester, via the interface 
15 for a connection from the first computer to the resource by specifying a name of 

the resource, 

means arranged to use a rule for matching the name of the resource with the 
gateway, 

means arranged to map the name of the resource to the tunnel, 
20 - means arranged to return a temporary IP number to the first computer in answer 
to the request, 

means arranged to map the temporary IP number to the name of the resource, 
means arranged to cooperate with the gateway administrating the handling of 
data packets such that data packets addressed by the first computer to the 

25 temporary IP number, arriving through the tunnel at the gateway, are routed to 

^ the resource, ^t^^ 

means arranged to cooperate with the gateway administrating the handling of 
data packets such that data packets arriving from the resource destined to the 
first computer, are at the gateway routed through the tunnel to the first 

30 computer via the device. 



